
Week 4 Quiz Incident Handling and Response (10452.B1)


Week 4 Quiz: Incident Handling and Response (10452.B1) https://wilmu.instructure.com/courses/33859/quizzes/86297

Week 4 Quiz
Due Oct 1, 2021 at 11:59pm Points 100 Questions 20
Time Limit None Allowed Attempts Unlimited

This quiz is no longer available as the course has been concluded.

Attempt History
Attempt Time Score
LATEST Attempt 1 1 minute 100 out of 100

Correct answers are hidden.

Score for this attempt: 100 out of 100


Submitted Sep 24, 2021 at 2:10pm
This attempt took 1 minute.

Question 1 5 / 5 pts

The IR team will have a multitude of responsibilities including the
preservation, collection, validation, identification, analysis,
interpretation, documentation and presentation of digital evidence
derived from digital sources for the purposes of reconstructing events.

True

False

Question 2 5 / 5 pts

A forensics team typically uses two methods to document a scene as it
exists at the time of arrival: photography and ____.

field notes

interviewing

field activity log forms

authentication

Question 3 5 / 5 pts

The four (4) main sources of data for the forensics process include: 1)
files, 2) _____________, 3) network traffic, and 4) applications.

operating systems

computers

storage array

servers

Question 4 5 / 5 pts

During the Identify stage, several questions must be answered. These
include RAM contents, login sessions, memory, running processes,
open files, network connections, network configurations, etc. One of
the essential elements is _____________________.

registers and cache

system time

open ports

volatile memory

Question 5 5 / 5 pts

A(n) ____ attack is a method of combining attacks with rootkits and
back doors.

hybrid

unauthorized

lockdown

hijack

Question 6 5 / 5 pts

A(n) ____ covers the confidentiality of information from everyone unless
disclosure is mandated by the courts.

statement of indemnification

intellectual property assurance

nondisclosure agreement

covenant not to compete

Question 7 5 / 5 pts

During the SELECT phase, the team or investigator must decide on an
area of focus. Once the focus area has been determined, data carving
is an important aspect. Data carving is the process of retrieving data
from __________ or __________ files.

hidden and deleted

operating system and bootkit

executables and libraries

packed and encrypted

Question 8 5 / 5 pts

During the _____________ phase, the forensic examiner must evaluate
the relevance of data collected to the current investigation.

CLASSIFY

EXAMINE

ANALYZE

SELECT

Question 9 5 / 5 pts

A(n) ____ is any clearly identified attack on the organization’s
information assets that would threaten the assets’ confidentiality,
integrity, or availability.

trespass

Trojan horse

risk

incident

Question 10 5 / 5 pts

During the _______________ phase, investigators or examiners are
required to document every event as they performed it.

ANALYZE

SELECT

PRESERVE

PRESENT

Question 11 5 / 5 pts

As soon as the CSIRT is able to determine what exactly is happening, it
is expected to report its preliminary finding to management.

True

False

Question 12 5 / 5 pts

Automated IR systems/tools help to facilitate IR documentation and are
available through a number of vendors.

True

False

Question 13 5 / 5 pts

As part of Developing and Refining the Investigation Plan, the team
must 1) determine the scope, 2) __________________, 3) decide what
to collect, 4) evaluate whether the information can be collected, and 5)
set boundaries to ensure no scope creep.

define processes

conduct BIA

estimate hours

develop ROI

Question 14 5 / 5 pts

There are a limited number (1-2) of certifications associated with digital
forensics.

True

False

Question 15 5 / 5 pts

During the final analysis, ALL data collected must be presented and
evaluated.

True

False

Question 16 5 / 5 pts

Deciding which technical contingency strategies are selected,
developed, and implemented is most often based on the type of
__________ being used.

training

recovery plan

information system

service provider

Question 17 5 / 5 pts

E-mail spoofing attacks require an immediate response, typically no
more than 30 minutes to one hour.

True

False

Question 18 5 / 5 pts

It is not essential that the incident response policies are integrated with
the overall enterprise security plan.

True

False

Question 19 5 / 5 pts

Essentially a DoS attack, a ____ is a message aimed at causing
organizational users to waste time reacting to a nonexistent malware
threat.

Trojan horse

worm infection

malware hoax

tracking cookie

Question 20 5 / 5 pts

General users require training on the technical details of how to do their
jobs securely, including good security practices, ____ management,
specialized access controls, and violation reporting.

password

“before action”

organization

war gaming

Quiz Score: 100 out of 100

9 of 9 7/26/2022, 11:03 AM
